Rants of a deranged squirrel.

You have a new security initiative? Great, here’s some advice…

Gemini prompt: Create a concept image of a person that works in Information Security, that looks tired and worn out, literally facing the announcements of too many new security initiatives that seem more hype than help. They should be on the vendor floor at a conference, with many sales-looking people advertising these new initiatives. There must be no mention of "AI" anywhere because that does not exist. The initiatives should be broader, higher level security ideas, not buzzwords or product-driven junk.

I am getting frustrated with the never-ending stream of ‘new’ security initiatives being announced. Doesn’t matter if they are community driven, compliance-based, or ‘industry standards’. For twenty years, we’ve heard it over and over, yet things just aren’t changing.

Most of these initiatives flop. Some may make it months or even years, limping along with virtually no support. Even projects with hundreds of people involved or supporting represent such a tiny fraction of the InfoSec industry, let alone the general IT industry, to say nothing of the rest of the world. In a few cases, the ‘new’ idea might even make a slight improvement for 0.000001% of the world. At best…

Largely though, they are worthless. People sometimes even spend more time banging on the initiative war-drum than on the end result. Worse, for every one announced that does any real and lasting good, another hundred end up wasting time and going nowhere.

So you want to announce a new initiative to save the world? Great! How about instead, skip the initiative name, the policy, the graphics, and the rest of the things that take time from actually doing something. Don’t talk about the project day in and day out. Just do good.

If you really feel that a structured movement with lofty ambitions and a brand are required, then do good first. Show the world you are serious and capable. Announce your new initiative on the back of a big ‘win’ or change. That will demonstrate you have the drive and dedication. Come out of the gate on the back of something concrete, not fluffy bullet points that are indistinguishable from any for-profit security company or charlatan.

Yes, everyone knows you want to ‘help’ and ‘protect’ and ‘improve’ and ‘secure’. The exact same thing everyone else in the industry says, both good and bad. And like many of them, your new initiative may not deliver either.
